Abstract

not necessarily those of the MOD. This paper will focus on the COSTS associated with validation of safety critical software and will suggest some considerations for the way forward. The costs of safety analysis of software are not straightforward to estimate. The extent of errors in the software requiring correction cannot be predicted in advance of analysis, and if white box evidence is lacking (as in the case of COTS or SOUP), it cannot even be reliably extrapolated partway through the analysis process from early results. Losing control of the fault fixing process escalates costs and increases the likelihood of safety implications. The completion criteria of the safety analysis process are not objective but depend on a judgment by the assessors, and this judgment cannot be made in advance of completion. Evidence to support the certification of software will in general belong to suppliers, who may be reluctant to release it. Its cost will therefore be a matter of negotiation and, because of commercial factors, may bear little relation to the cost of generating it in the first place. The ease of application of many methods, particularly white box approaches such as static analysis that are likely to be favored by assessors, is sensitive to the quality and type of evidence available.